consoleadmin.hmrc.ecospend.com Open in urlscan Pro
3.9.93.2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://consoleadmin.hmrc.ecospend.com/
Effective URL:
https://consoleadmin.hmrc.ecospend.com/login
Submission: On October 19 via api (October 19th 2023, 12:47:57 pm UTC) from US — Scanned from US

Summary HTTP 22 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 3.9.93.2, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is consoleadmin.hmrc.ecospend.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 22nd 2023. Valid for: a year.

This is the only time consoleadmin.hmrc.ecospend.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	3.9.93.2 3.9.93.2	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2

20 3.9.93.2 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

consoleadmin.hmrc.ecospend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	ecospend.com consoleadmin.hmrc.ecospend.com	7 MB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 250	4 KB
22	2

	Domain	Requested by
20	consoleadmin.hmrc.ecospend.com	consoleadmin.hmrc.ecospend.com
2	cdnjs.cloudflare.com	consoleadmin.hmrc.ecospend.com
22	2

This site contains links to these domains. Also see Links.

Domain
ecospend.com

Subject Issuer	Validity	Valid
hmrc.ecospend.com Amazon RSA 2048 M01	`2023-02-22` - `2024-02-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://consoleadmin.hmrc.ecospend.com/login
Frame ID: A69C841D2B9518B94F145BFAF555F1C7
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ecospend Gateway Admin Console

Page URL History Show full URLs

https://consoleadmin.hmrc.ecospend.com/ Page URL
https://consoleadmin.hmrc.ecospend.com/login Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

6940 kB
Transfer

6973 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://ecospend.com/terms-conditions
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://ecospend.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://consoleadmin.hmrc.ecospend.com/ Page URL
https://consoleadmin.hmrc.ecospend.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
consoleadmin.hmrc.ecospend.com/ 2 KB
3 KB 447ms
112ms Document
text/html 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

71c81b782d63bdd267fb5eeeb3fab472cbc4510c346a7457188cabf231010ee7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=0
content-length: 1795
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: credentialless
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Thu, 19 Oct 2023 12:47:50 GMT
etag: W/"703-18a27b332d0"
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: istio-envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 6
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1

GET
H2 200 flag-icon.min.css
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/css/ 33 KB
2 KB 99ms
36ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/css/flag-icon.min.css

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fe6690c98e11b16b97dfc9092e4efc228b8027b4518165ae235214a97658633

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 494100
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1478
last-modified: Mon, 04 May 2020 16:10:05 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5d-8398"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6RTV7fBkEgmE651iX%2BVjnVhJlXwzHt%2Fexb598vyQjVo0clNjUgY7ScDq0I%2BYxFJs5GOTAmJfvfgv9lEqdUMQVMn4LsPGL8f28Bu1zBZeQonVOnCHPeBDDGkphRJq2ZYtv8LzZIGXQjaxRzACAIutaY7i"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 818921c6780b4bcc-BUF
expires: Tue, 08 Oct 2024 12:47:50 GMT

GET
H2 200 87.320a7b74.chunk.css
consoleadmin.hmrc.ecospend.com/static/css/ 29 KB
30 KB 217ms
216ms Stylesheet
text/css 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/css/87.320a7b74.chunk.css

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

d987df2e873ccef52a44dfebae4c3eda199c309d39855adfd3735bd33706803e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 5
cross-origin-resource-policy: same-origin
content-length: 29581
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"738d-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 main.3e0bbc12.chunk.css
consoleadmin.hmrc.ecospend.com/static/css/ 575 KB
577 KB 320ms
319ms Stylesheet
text/css 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/css/main.3e0bbc12.chunk.css

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

597c7b53f35ad0b92f2949dea8c09e809af32ff76e4706415d57da0bd49aeadc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
cross-origin-resource-policy: same-origin
content-length: 588996
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"8fcc4-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 jquery-3.5.1.min.js Show response
consoleadmin.hmrc.ecospend.com/js/ 87 KB
89 KB 318ms
316ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/js/jquery-3.5.1.min.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 8
cross-origin-resource-policy: same-origin
content-length: 89476
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:17:40 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"15d84-18a27b18520"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 js-cookie.js Show response
consoleadmin.hmrc.ecospend.com/js/ 4 KB
5 KB 218ms
217ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/js/js-cookie.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

3fc8d8f8c09ee97d9c8cd4a6178ad0bd921a9cbe55c14513e0c06738c9dc8d15

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 6
cross-origin-resource-policy: same-origin
content-length: 3883
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:17:40 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"f2b-18a27b18520"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 main.js Show response
consoleadmin.hmrc.ecospend.com/js/ 13 KB
14 KB 321ms
319ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/js/main.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

997349a71cc70b8129a31a5e3c7a807ae2ca82a64888e0bdae9e7c3bfc4ddaa5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 10
cross-origin-resource-policy: same-origin
content-length: 12898
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:17:40 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"3262-18a27b18520"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 runtime-main.3455ed79.js Show response
consoleadmin.hmrc.ecospend.com/static/js/ 9 KB
10 KB 321ms
320ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/js/runtime-main.3455ed79.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

fbb43fe9bca15ba8289863b00fc55f1025bb020e02b2c18c58af2705b21db38e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 12
cross-origin-resource-policy: same-origin
content-length: 9243
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"241b-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 87.df637434.chunk.js Show response
consoleadmin.hmrc.ecospend.com/static/js/ 3 MB
3 MB 322ms
321ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/js/87.df637434.chunk.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

5c5066cfd66761aff276c3c2a3c73431606bd9d6062bf4e7c4a4b71af1dfa5ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 8
cross-origin-resource-policy: same-origin
content-length: 2630285
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"28228d-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 main.e251693e.chunk.js Show response
consoleadmin.hmrc.ecospend.com/static/js/ 161 KB
162 KB 322ms
321ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/js/main.e251693e.chunk.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

66e0a1f859a7c80c8e8138124db3c4bbbf6e0e7553a8a15d2fc9b6876a068e47

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:50 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 7
cross-origin-resource-policy: same-origin
content-length: 164758
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"28396-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 ecospend-logo.9ea0faf7.svg
consoleadmin.hmrc.ecospend.com/static/media/ 5 KB
7 KB 107ms
107ms Image
image/svg+xml 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consoleadmin.hmrc.ecospend.com/static/media/ecospend-logo.9ea0faf7.svg

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 2
cross-origin-resource-policy: same-origin
content-length: 5586
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"15d2-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 Primary Request login Show response
consoleadmin.hmrc.ecospend.com/ 2 KB
3 KB 107ms
107ms Document
text/html 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/login

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/static/js/main.e251693e.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

71c81b782d63bdd267fb5eeeb3fab472cbc4510c346a7457188cabf231010ee7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=0
content-length: 1795
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: credentialless
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Thu, 19 Oct 2023 12:47:52 GMT
etag: W/"703-18a27b332d0"
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: istio-envoy
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 2
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1

GET
H2 200 flag-icon.min.css
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/css/ 33 KB
2 KB 37ms
34ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.1.0/css/flag-icon.min.css

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fe6690c98e11b16b97dfc9092e4efc228b8027b4518165ae235214a97658633

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 494102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1478
last-modified: Mon, 04 May 2020 16:10:05 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5d-8398"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YjVNHD%2FjaDcY1oLZZgWdTlEhipEJoeUL5USB7nbyyoHel7fuylHd4c%2BcQWmn9oYm%2BhjDelHKTU0GZ0HqfSbvRmgV8Br9MEm1rwlJ2qokAGlHGSNDpHx5IS4irA8fjh%2B%2BceHqXoH2riN2cUa6IYYfL5M0"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 818921d1989a4bcc-BUF
expires: Tue, 08 Oct 2024 12:47:52 GMT

GET
H2 200 87.320a7b74.chunk.css
consoleadmin.hmrc.ecospend.com/static/css/ 29 KB
30 KB 109ms
107ms Stylesheet
text/css 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/css/87.320a7b74.chunk.css

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

d987df2e873ccef52a44dfebae4c3eda199c309d39855adfd3735bd33706803e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 2
cross-origin-resource-policy: same-origin
content-length: 29581
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"738d-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 main.3e0bbc12.chunk.css
consoleadmin.hmrc.ecospend.com/static/css/ 575 KB
577 KB 121ms
119ms Stylesheet
text/css 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/css/main.3e0bbc12.chunk.css

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

597c7b53f35ad0b92f2949dea8c09e809af32ff76e4706415d57da0bd49aeadc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 6
cross-origin-resource-policy: same-origin
content-length: 588996
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"8fcc4-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 jquery-3.5.1.min.js Show response
consoleadmin.hmrc.ecospend.com/js/ 87 KB
89 KB 113ms
111ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/js/jquery-3.5.1.min.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 5
cross-origin-resource-policy: same-origin
content-length: 89476
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:17:40 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"15d84-18a27b18520"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 js-cookie.js Show response
consoleadmin.hmrc.ecospend.com/js/ 4 KB
5 KB 114ms
112ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/js/js-cookie.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

3fc8d8f8c09ee97d9c8cd4a6178ad0bd921a9cbe55c14513e0c06738c9dc8d15

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 4
cross-origin-resource-policy: same-origin
content-length: 3883
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:17:40 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"f2b-18a27b18520"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 main.js Show response
consoleadmin.hmrc.ecospend.com/js/ 13 KB
14 KB 117ms
115ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/js/main.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

997349a71cc70b8129a31a5e3c7a807ae2ca82a64888e0bdae9e7c3bfc4ddaa5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 6
cross-origin-resource-policy: same-origin
content-length: 12898
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:17:40 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"3262-18a27b18520"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 runtime-main.3455ed79.js Show response
consoleadmin.hmrc.ecospend.com/static/js/ 9 KB
10 KB 116ms
114ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/js/runtime-main.3455ed79.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

fbb43fe9bca15ba8289863b00fc55f1025bb020e02b2c18c58af2705b21db38e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 5
cross-origin-resource-policy: same-origin
content-length: 9243
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"241b-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 87.df637434.chunk.js Show response
consoleadmin.hmrc.ecospend.com/static/js/ 3 MB
3 MB 329ms
327ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/js/87.df637434.chunk.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

5c5066cfd66761aff276c3c2a3c73431606bd9d6062bf4e7c4a4b71af1dfa5ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 7
cross-origin-resource-policy: same-origin
content-length: 2630285
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"28228d-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 main.e251693e.chunk.js Show response
consoleadmin.hmrc.ecospend.com/static/js/ 161 KB
162 KB 114ms
113ms Script
application/javascript 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consoleadmin.hmrc.ecospend.com/static/js/main.e251693e.chunk.js

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

66e0a1f859a7c80c8e8138124db3c4bbbf6e0e7553a8a15d2fc9b6876a068e47

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:52 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 4
cross-origin-resource-policy: same-origin
content-length: 164758
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"28396-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 ecospend-logo.9ea0faf7.svg
consoleadmin.hmrc.ecospend.com/static/media/ 5 KB
7 KB 107ms
106ms Image
image/svg+xml 3.9.93.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consoleadmin.hmrc.ecospend.com/static/media/ecospend-logo.9ea0faf7.svg

Requested by

Host: consoleadmin.hmrc.ecospend.com
URL: https://consoleadmin.hmrc.ecospend.com/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.9.93.2 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-9-93-2.eu-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

48b428d8a433d5c8546ec196455425240520f3179164a405f9fc800ae574ac98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 12:47:53 GMT
content-security-policy: default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: credentialless
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 2
cross-origin-resource-policy: same-origin
content-length: 5586
x-xss-protection: 1
referrer-policy: no-referrer
last-modified: Thu, 24 Aug 2023 13:19:30 GMT
server: istio-envoy
cross-origin-opener-policy: same-origin
etag: W/"15d2-18a27b332d0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
origin-agent-cluster: ?1
cache-control: public, max-age=0
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none';manifest-src 'self';script-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https: * 'unsafe-inline' 'unsafe-hashes';style-src 'self' https: * 'unsafe-inline' 'unsafe-hashes';img-src 'self' https: * https: data:;font-src 'self' https: *;connect-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com wss://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com https://pisapi.hmrc.ecospend.com https://aisapi.hmrc.ecospend.com;frame-src 'self' https://iam-hm.ecospend.com https://mngtconsole.hmrc.ecospend.com https://reporting.hmrc.ecospend.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
consoleadmin.hmrc.ecospend.com
2606:4700::6811:180e
3.9.93.2
0fe6690c98e11b16b97dfc9092e4efc228b8027b4518165ae235214a97658633
3fc8d8f8c09ee97d9c8cd4a6178ad0bd921a9cbe55c14513e0c06738c9dc8d15
48b428d8a433d5c8546ec196455425240520f3179164a405f9fc800ae574ac98
597c7b53f35ad0b92f2949dea8c09e809af32ff76e4706415d57da0bd49aeadc
5c5066cfd66761aff276c3c2a3c73431606bd9d6062bf4e7c4a4b71af1dfa5ff
66e0a1f859a7c80c8e8138124db3c4bbbf6e0e7553a8a15d2fc9b6876a068e47
71c81b782d63bdd267fb5eeeb3fab472cbc4510c346a7457188cabf231010ee7
997349a71cc70b8129a31a5e3c7a807ae2ca82a64888e0bdae9e7c3bfc4ddaa5
d987df2e873ccef52a44dfebae4c3eda199c309d39855adfd3735bd33706803e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbb43fe9bca15ba8289863b00fc55f1025bb020e02b2c18c58af2705b21db38e

consoleadmin.hmrc.ecospend.com Open in urlscan Pro 3.9.93.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

6940 kBTransfer

6973 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

consoleadmin.hmrc.ecospend.com Open in urlscan Pro
3.9.93.2 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

6940 kB
Transfer

6973 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions